[ubuntu/maverick-security] oprofile 0.9.6-1.1ubuntu1.1 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Thu Jul 7 18:03:35 UTC 2011
oprofile (0.9.6-1.1ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: shell metacharacter injection -e argument and arbitrary
file overwrite
- 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e
- 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch: ensure
that --save only saves things in $SESSION_DIR
- 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands
in $SETUP_FILE
- 0004-Do-additional-checks-on-user-supplied-arguments.patch: input
validation on user supplied values
- 0005-add-back-error_if_not_basename.patch: readd error_if_not_basename()
which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch
- CVE-2011-1760
Date: Thu, 07 Jul 2011 11:04:29 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/oprofile/0.9.6-1.1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 07 Jul 2011 11:04:29 -0500
Source: oprofile
Binary: oprofile libopagent1 oprofile-gui
Architecture: source
Version: 0.9.6-1.1ubuntu1.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
libopagent1 - system-wide profiler for Linux systems (opagent runtime library)
oprofile - system-wide profiler for Linux systems
oprofile-gui - system-wide profiler for Linux systems (GUI components)
Changes:
oprofile (0.9.6-1.1ubuntu1.1) maverick-security; urgency=low
.
* SECURITY UPDATE: shell metacharacter injection -e argument and arbitrary
file overwrite
- 0001-Sanitize-Event-Names.patch: only allow alphanumerics with -e
- 0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch: ensure
that --save only saves things in $SESSION_DIR
- 0003-Avoid-blindly-source-SETUP_FILE-with.patch: don't execute commands
in $SETUP_FILE
- 0004-Do-additional-checks-on-user-supplied-arguments.patch: input
validation on user supplied values
- 0005-add-back-error_if_not_basename.patch: readd error_if_not_basename()
which was removed in 0003-Avoid-blindly-source-SETUP_FILE-with.patch
- CVE-2011-1760
Checksums-Sha1:
0b748fde349e73d3f0012fb3a94f25b2d35b3313 2193 oprofile_0.9.6-1.1ubuntu1.1.dsc
d584b864be277c6af132c30cd5c8c39d6feba492 24551 oprofile_0.9.6-1.1ubuntu1.1.diff.gz
Checksums-Sha256:
e897771da94a824477b5206cc5353c3ed53fa0bf706b67186a1f336458dff6cb 2193 oprofile_0.9.6-1.1ubuntu1.1.dsc
569856452f5542d513f2da251bc75fde7b875b5aec59e10884b79ad62ce31a7b 24551 oprofile_0.9.6-1.1ubuntu1.1.diff.gz
Files:
d4ed4f07b836063106def114221c5930 2193 devel optional oprofile_0.9.6-1.1ubuntu1.1.dsc
f9bed573eac92f30d5618e574f65552f 24551 devel optional oprofile_0.9.6-1.1ubuntu1.1.diff.gz
Original-Maintainer: LIU Qi <liuqi82 at gmail.com>
More information about the Maverick-changes
mailing list